Section 2060.325  Patient/Client Records


a)         Licensees shall maintain a written record for each patient or client. Such record may also be maintained electronically on a computer but shall be made available in hard copy upon request for review by the Department.


b)         Any written entry on the record shall be in ink and shall be dated and shall meet all other signatory requirements for professional staff as specified in Sections 2060.421 and 2060.423 of this Part.


c)         Written signatures or initials and electronic signature or computer-generated signature codes and corresponding dates are acceptable as authentication to identify the author of the record entry by that author and to confirm that the contents are what the author intended.  Signature or initial stamps shall not be utilized.


d)         All signatures or initials, whether written, electronic, or computer-generated, shall include the initials of the signer's credentials.


e)         In order to utilize electronic signature or computer-generated signature codes and dates, the organization shall adopt a policy that permits use and authentication by electronic or computer-generated signature and dates and shall, at a minimum:


1)         identify which staff are authorized to authenticate records using electronic or computer-generated signatures and dates;


2)         ensure that each user is assigned a unique identifier that is generated through a confidential access code;


3)         certify in writing that each identifier is kept confidential; and


4)         have each user certify in writing that he or she is the only person with user access to the identifier and the only person authorized to use the signature code.


f)         Records maintained on computer shall have a back-up system to safeguard the records in the event of operator or equipment failure.


g)         Any document or entry made on a document in the record that is in any other language than English shall have an accompanying English language translation.


h)         All records shall be protected in a locked room, locked file, safe or similar container or in computer records with secure, limited access.


i)          The record shall document any service provided by the organization at any facility.  Additionally, if the organization provides multiple services that are licensed by the Department at any facility, one record can document all of such services.


j)          The record shall contain the signatory document that indicates the patient/client has been informed of his or her rights.


k)         The record shall contain documentation indicating the consent of the patient, and any other family members or guardians, for any service.


l)          The record shall contain, on a standardized format, the following information:


1)         name;


2)         home address;


3)         home and work telephone number;


4)         date of birth;


5)         sex;


6)         race or ethnic origin and/or language preference;


7)         emergency contact;


8)         education;


9)         religion;


10)         marital status;


11)         type and place of employment;


12)         physical or mental disability, if any;


13)         social security number, if requested;


14)         drivers license number, county of residence and county of arrest (required only for DUI evaluation or risk education services); 


15)         annual household income, if applicable to any subsidized or reduced fee for service, unless this information is kept in a separate financial record; and


16)         documentation of any disclosures of protected health information to the extent required by HIPAA (see Section 2060.325(u)(3) of this Part).


m)        The record shall contain dates of any admission, change in level of care or discharge.


n)         The record shall contain a dated service fee statement and proof, if applicable, of any qualifying documents relative to fee subsidization, including the "Qualification for DUI Services as an Indigent" form, unless this information is kept in a separate financial record.


o)         The record shall be kept for a period of five years from the date of discharge, except that required accounting of disclosures of HIPAA protected health information must be kept for six years.  While organizations may elect to keep records past this five year period, if the option to delete records is exercised, it shall be done by one of the following methods:


1)         burning or shredding; or


2)         erasure from all computer files.


p)         The record shall contain the following information or documents for any treatment service:


1)         documentation of the treatment assessment and patient placement process;


2)         documentation of the diagnostic impression and physician confirmed diagnosis;


3)         documentation of laboratory and/or other diagnostic procedures/results and reports that the organization directly provided (except for HIV testing unless the patient has given written informed consent) and documentation of the tuberculin skin test results, the date given and date read, if applicable;


4)         the treatment plan and documentation of all required signatures and dates;


5)         progress notes that document all treatment services, any subsequent treatment plan reviews and on-going assessment and documentation of all required signatures and dates;


6)         documentation of completion of patient education specified in Section 2060.409 of this Part;


7)         documentation of any correspondence or telephone calls received or made relevant to treatment services; and


8)         a copy of the discharge summary unless the patient left prior to receiving any of these services.


q)         The record shall contain copies of all referenced forms in Subpart E for any offender receiving a DUI evaluation or risk education service.


r)          A staff member shall be designated who will have responsibility to ensure that all records are in compliance with this Part.  This staff member shall review, at least annually, the record system to ensure that the system meets all requirements specified in this Part.


s)         Records shall be kept in the facility where the patient/client is receiving services   (or in accordance with Section 2060.203(b) of this Part, in specific relation to off-site services) and shall be directly accessible to the professional staff providing those services.


t)          Information in the record may be used for training, research and quality improvement provided that the information is collected in accordance with any relevant confidentiality requirements.


u)         Licensees who are covered by HIPAA shall have procedures to comply with HIPAA Privacy and Security provisions (45 CFR 160 and 164), including the following:


            1)         procedure to access the patient's record as set forth in 45 CFR 164.524;


2)         procedure to request amendment to his or her record as set forth in 45 CFR 164.526;


3)         procedure to request an accounting of disclosures of his or her medical records or portions thereof for the previous six years as set forth in 45 CFR 164.528; and


4)         procedure to file a complaint with the licensee and with the U.S. Department of Health and Human Services, Office of Civil Rights in connection with an alleged violation of the HIPAA Privacy provisions set forth in 45 CFR 160.306.


(Source:  Amended at 27 Ill. Reg. 13997, effective August 8, 2003)